Category Archives: For Business

SECURITY ALERT: GermanWiper Ransomware Erases Your Data Even If You Pay

German companies and employees of German companies, in particular, are faced with a devious wave of ransomware attacks. While the new ransomware strain has been targeting mostly German victims so far, there’s no telling how far it may spread. We should all be aware of how the ransomware infects devices and how it works.

The GermanWiper ransomware earned its name not just because of the German focus of its intended targets, but also because it’s particularly devious. It doesn’t really encrypt data with a secret key, like other ransomware, awaiting payment in order to decrypt it.

With this one, there’s a nasty twist. The GermanWiper ransomware overwrites the data with strings of zeroes, rendering it completely unusable (wiped) forever. Nevertheless, it still acts like typical ransomware, falsely promising the victims that their files will be back if they pay a fee.

How Does the GermanWiper Ransomware Spread?

The victims of the GermanWiper ransomware typically receive a German-language email on behalf of a phony job applicant. The spam email pretends to be from a certain Lena Kretschmer, who is looking for a job and is sending the target a job application.

This is how the typical GermanWiper email looks like:

germanwiper spam email

The common subject line of the email is “Ihr Stellenangebot – Bewerbung [Your job offer – Application] – Lena Kretschmer“. If the target opens it, they will notice that the email also contains an attachment named “Unterlagen_Lena_Kretschmer.zip”

If the victim makes the mistake of opening the zip archive, they will then get what looks like PDF files (with the correct file extension, .pdf). The files are actually link files (LNK) masquerading as PDF files, and once opened they will begin running malicious commands on the machine, infecting it.

When the LNK files are opened, they execute a PowerShell Command which downloads a malicious HTA file from xpandingdelegation[.]top site (domain sanitized for your safety). The HTA file then downloads the main ransomware executable. It all takes place in a matter of seconds. So, once you open those fake PDF files, there’s no turning back.

What Happens Once Infected with the GermanWiper Ransomware

There are two types of ransomware, usually: file lockers and computer (or device) lockers. The first (and more common) just lock your important data with a secret encryption key. The second type renders your device as a whole unusable until the ransom is paid.

GermanWiper is the type which only locks the files, so it’s less severe than the ones which block any use of your device. But unlike file lockers the world has seen so far, GermanWiper doesn’t lock anything. It only claims to have locked (encrypted) your files.

What it actually does is rewrite them with zeroes, such as in the screenshot below:

germanwiper wiped file

Image source: BleepingComputer.

If you were so inclined to pay the required ransom, there’s no doubt it would be for nothing. We haven’t heard from people who fell for the scam so far, but since the files are actually rewritten with zeros, it’s clear that there is nothing to recover.

If you are in this situation and find yourself infected with GermanWiper, there’s nothing to do. Just count your losses and have a better protection system in place next time. Company-wide cybersecurity awareness training is also a must.

What to Do If Infected with Ransomware

Even though there are plenty of free ransomware decryption tools which can help victims of ransomware, in many cases there is nothing to do but pay the attackers.

I personally wouldn’t recommend it because this keeps feeding the malware economy. Unless the data you lost is a matter of life-and-death, if you can’t decrypt it just let it go. Don’t repay the attackers for their unethical work.

Still, I won’t judge if you do decide to pay the ransom in order to get your data back. Unfortunately, as mentioned above, payment is not an option with the GermanWiper ransomware. This malicious creation will just delete your data from the start, so even if you send the ransom money, you can’t get it back. It’s just falling for a scam.

Of course, the best way to not get infected with ransomware (and other malware in general) is prevention. Adopt a proactive stance to your online security and you’ll be safe instead of sorry.

Against new strains of ransomware such as this one, Antivirus is not enough. You also need a DNS traffic filtering layer on top, which is able to detect even unknown malware. Our flagship product, Thor Foresight Home, is an award-winning product exactly for this type of challenge. If you’d like to try it out, here’s one month on the house.

The easy way to protect yourself against malware

Here's 1 month of Thor Foresight Home, on the house!

Thor Foresight Home, the next-gen unique threat prevention

Use it to: Block malicious websites and servers from infecting your PC Auto-update your software and close security gaps Keep your financial and other confidential details safe

EASY AND RELIABLE. WORKS WITH ANY ANTIVIRUS.

Try Thor Foresight

Be vigilant and don’t open attachments in emails, no matter how legit they seem. If you’re located in Germany and receive a work proposal email, be extra-extra cautious. It may be GermanWiper looking for its next victim.

The post SECURITY ALERT: GermanWiper Ransomware Erases Your Data Even If You Pay appeared first on Heimdal Security Blog.

Windows Defender Vulnerabilities: How the Latest Malware Can Disable It

Are you relying only on the built-in defenses in your Windows 10 operating system for security? This was never a good idea, but lately, it became even more dangerous. Windows Defender vulnerabilities were uncovered by researchers, far surpassing what users could have expected.

During the past months and even before that, the world of cybersecurity has held its breath over Trickbot updates. The banking Trojan has been around since 2016 and according to recent forensics of it, it has compromised over 265 million email accounts. While the malware is not exactly new, the trickiest part about it (pun intended) is how it manages to adapt.

The most worrisome part of its evolving trajectory is its ability to disable Windows Defender. The latest cybersecurity analysis has revealed that in its latest campaign, Trickbot has been targeting Windows 10 users. Especially in corporate environments (but also inside plenty of home devices), this is the operating system of choice.

How Does Trickbot Work?

Trickbot has been around since 2016 and managed to be a stressful threat ever since. Targeting both individuals and companies, it is a jack of many trades. Every time security has it pinned down and think that a permanent counter has been found, Trickbot resurfaces in an altered form.

Thor Foresight makes sure that link is safe!

Your parents and friends will click any suspicious link, so make sure they're protected.

Thor Foresight Home anti malware and ransomware protection heimdal security

Thor Foresight provides: Automatic and silent software updates Smart protection against malware Compatibility with any traditional antivirus.

SECURE YOUR ONLINE BROWSING!

Get Thor Foresight

This is not about the usual change all malware strains go through to evade detection by simple Antiviruses. Generally, malware developers (hackers) change just a few lines of code to make the malware appear different.

Trickbot’s History of Adapting to Defensive Software

Not so with Trickbot. In this case, whenever Trickbot got reinvented, it also resurfaced with a changed strategy. That’s the main reason for which it wasn’t yet completely eradicated. At the moment, small businesses are the most endangered by Trickbot’s activity.

Over its 3 years of activity, Trickbot wore many disguises and targeted various entities and systems, depending on what was deemed more vulnerable at the time. When it first emerged, it seemed to borrow heavily from Dyrezza, a previous banking Trojan. It also stole data from users via malicious spam.

From its initial emergence, Trickbot proved to be impressively adaptable. It changed tactics from scam emails sending warnings about unpaid bills to account update phishing emails. It could propagate either through infected URLs and malicious email attachments.

How Trickbot Operates Now

Once it manages to infect one endpoint, Trickbot quickly spreads through the entire organization, laterally. The malware uses an SMB vulnerability to propagate. It’s then notoriously difficult to detect (it requires network admins to intuitively guess something is wrong, just by monitoring traffic and resource footprints).

Trickbot is even more notoriously difficult to remove, once detected. It requires IT admins to manually go through every infected endpoint, isolate it, and clean it.

Unfortunately, because Trickbot spreads through the SMB vulnerability, any sanitized endpoint can quickly become re-infected once it joins the network again if there is at least one other infected machine.

It also becomes more persistent by creating Scheduled Tasks, which carry out its agenda while evading user (and security software) detection. This makes the clean-up process painstaking and the infection incredibly resilient.

How Can Malware Disable Windows Defender?

Advanced malware has gained ways to avoid being detected by Windows Defender, in the past few years. This isn’t really news. What makes Trickbot exceedingly dangerous is the way it is capable to not only fly under Windows Defender’s radar but disable it altogether.

In one of the most recent Trickbot developments, the malware surprised researchers by silently disabling Windows Defender. Once the default protection was out of the way, the malware then proceeded to carry out its agenda of data stealing and email compromising.

In its most recent data scraping, it’s estimated that over 265 million email addresses were exposed and compromised. These emails will now be used in phishing and scamming campaigns, poised to break into banking accounts and make away with funds.

Here is how Trickbot exploits Windows Defender vulnerabilities:

At the time of my writing this blog post, this is how the most recently detected Trickbot version behaves, as documented by MalwareHunterTeam and Vitali Kremez.

Step #1. Add policies to SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection for the following:

DisableBehaviorMonitoring: Disables behavior monitoring in Windows Defender.
DisableOnAccessProtection: Disables scanning when you open a program or file.
DisableScanOnRealtimeEnable: Disabled process scanning.

Step #2. Configures the following Windows Defender preferences via PowerShell:

DisableRealtimeMonitoring: Disables real-time scanning.
DisableBehaviorMonitoring: Same as above, except as a Windows Defender preference.
DisableBlockAtFirstSeen: Disables Defender’s Cloud Protection feature.
DisableIOAVProtection: Disables scans of downloaded files and attachments.
DisablePrivacyMode: Disables privacy mode so all users can see threat history.
DisableIntrusionPreventionSystem: Disables network protection for known vulnerability exploits.
DisableScriptScanning: Disables the scanning of scripts.
SevereThreatDefaultAction: Set the value to 6, which turns off automatic remediation for severe threats.
LowThreatDefaultAction: Set the value to 6, which turns off automatic remediation for low threats.
ModerateThreatDefaultAction: Set the value to 6, which turns off automatic remediation for moderate threats.

All the measures taken by Trickbot to make sure it can carry out infections undisturbed are meticulous and complex. It’s easy to see how easy it would be for most users to be unaware of anything wrong until it’s too late. After all, who manually checks the permissions in Windows Defender daily?

Other Malware Which Disables Microsoft Security Apps

Perhaps even more worrisome is that Trickbot seems to not be an isolated case. We’re not dealing with brilliant hackers, the likes of which the world has never seen. The disabling of built-in defenses is becoming a more and more common sight with the latest malware strains.

The most recent example is the DealPly adware, which turns off defensive software such as Microsoft Smartscreen, but also well-known commercial security software (McAfee’s WebAdvisor). The actual damages of DealPly are not severe yet, but even malvertising can have disastrous effects when paired with financial malware and others.

Even if the damages of the DealPly adware are not immediately visible at this moment, it’s nevertheless worrisome how it can disable security software. Apparently avoiding detection will remain a malware ambition of the past.

We’re likely heading into an era of third-gen malware, if I were to speculate.
Click To Tweet

More Windows Defender Vulnerabilities to Know about

All Windows Defender vulnerabilities can be checked in almost real-time on a dedicated CVE portal HERE. You can also check for fixes there, but be warned that it can be a hassle to do it manually.

Windows Defender Updates Which Are Somewhat Closing Vulnerabilities

To be fair, Microsoft is trying to patch some of these vulnerabilities and succeeds to close gaps somewhat. But in the long run, especially because Microsoft is a huge target of attackers worldwide, it’s impossible to stay afloat.

How to Stay Safe Beyond the Limited Protection of Windows Defender

Within the limited scope of built-in Windows defenses, what you can do is create a separate user account. Run most of your routine activities from this plain user account and only enter the administrator account when you need to do something very important. Even then, tread carefully.

The other thing to do in order to overcome the Windows Defender vulnerabilities is to invest in extra protection layers.

You clearly can’t rely on Windows Defender for keeping your PC or laptop safe. Not having a specialized cybersecurity suite to protect your device has always been a hazard. But now, with the recent developments, it’s revealed to be even more dangerous than previously thought.

My advice is to not postpone your cybersecurity or stick to the free, default versions such as Windows Defender. No matter how improbable you might think a malware infection is, it may be closer than you think. People who lost data, money, privacy or worse to malware all thought it couldn’t happen to them.

Don’t rely on built-in, default defenses, or on a single security product, for that matter. Stay vigilant and try to have solutions which keep up with the threatscape.

How much protection is enough?

In the cat and mouse cybersecurity game, hackers quickly find ways to overcome current defensive software. Then, the defensive software strives to redefine itself to overcome the new malware developments, and so on.

All this takes place with exhilarating speeds. So, to make sure you can’t become the next victim of malware, don’t stop at one defender. Have an active next-gen Antivirus, but also a threat detection layer on top of it. Also, update your software and apply patches as soon as they’re released.

A cybersecurity suite which contains all of the above is, of course, ideal, so I can recommend our Thor Premium Home. If you want to try it for free, here’s a month on the house. Just click on the ‘I want to try it free for 30 days’ option and follow the rest of the instructions for installing.

Final thoughts

Regardless of the brand of products you use, just know that you’re better off using at least something in addition to just Windows Defender. Preferably, your defenses should include a smart threat detection mechanism, like a DNS filter. As long as you do that, all should be well.

Good luck with your cybersecurity and don’t forget to check from time to time if your Windows Defender is still active and up to date. Check especially if you’re not 100% confident in the rest of your security software. If you stay vigilant, you may catch threats in time, before any significant damage is done.

The post Windows Defender Vulnerabilities: How the Latest Malware Can Disable It appeared first on Heimdal Security Blog.

What Is Spear Phishing and How Do You Prevent It?

There’s more than one way to catch a ‘fish’ than phishing. And because the world of hacking always delivers when it comes to wacky wheeling-and-dealing, in this article I’ll be talking about spear phishing attacks. What is spear phishing, you ask? Long story short, it’s a phishing technique that plays on the victim’s trust or, rather his gullibility.

Spear phishing attacks are surgical, while general phishing attacks are more like “let’s cast this lure in the puddle and see what bites.” So, without further ado, let’s dig right into it. FYI: in this article, I’ll be covering the difference between spear and whale phishing and how to protect your company’s digital assets against them.

What is Spear Phishing?

So, what is spear phishing? According to the Big Book of things that go bump on the Internet and can really ruin your day, spear phishing is an email spoofing attack that targets very specific and very ‘employed’ individuals. As Aaron Ferguson noted, spear phishing attacks are directed against an employee or an organization.

What makes them so successful? Good question! Ferguson, an NSA agent and West Point Professor, said that the spoofed emails used in the attack look like they’ve been sent by well-known market actors such as PayPal, Google, Spotify, Netflix, and even Apple Pay.

In some cases, they make even take the guise of in-house emails, asking the employee to fill in credential requests. Why would someone be willing to share his/her credentials via email? Well, think of it this way: how likely are you to nix an email from your CEO, asking you ‘nicely’ to share your password and user because you’re far behind on your deadlines?

To further enforce the illusion, these spoofed emails use the moniker of an authoritarian figure (CEO, CTO).

And yes; the unaware user will click on any link, share any details, no matter how private they are, and will go on thinking that he dodged another bullet. Unfortunately, that reply will never reach your boss; it will end up in some hacker’s database who will have complete access to the company’s records.

Still, why is spear phishing that successful? Because the ‘spoofer’ really does his homework. Before a spear phishing’s attempt been made, the attacker will try to gather as much info as he can about his victim: name, work address, company’s profile, position, phone numbers, emails. When he has enough info, he will dispatch a cleverly penned email to the victim.

Thor Foresight makes sure that link is safe!

Your parents and friends will click any suspicious link, so make sure they're protected.

Thor Foresight provides: Automatic and silent software updates Smart protection against malware Compatibility with any traditional antivirus.

SECURE YOUR ONLINE BROWSING!

Get Thor Foresight

An unlikely affair?

To show you just how effective these attacks are, I’m going to quote Ferguson’s example. Oh, by the way: successful spear phishing attacks are also called the ‘colonel effect.’ You’ll figure out in a sec why they’re called that way.

So, Ferguson, who’s also a West Pointer, wanted to find out just how knowledgeable the cadets are when it comes to cybersecurity. The teacher sent out some 500 emails to his students, but they appeared to have been sent by a certain Colonel Robert Melville from the same academy. In these emails, the ‘colonel’ wrote that the cadets can peek at their exam’s results by clicking on the enclosed link.

Naturally, nothing happened if they clicked the link. Instead, they would receive a follow-up message reading: “you have been spoofed. During this time, your computer could have been infected with trojans, viruses, or ransomware.” Seems like a harmless enough experiment, but the numbers paint an entirely different picture: 80% of cadets clicked on the bogus link.

Lesson learned – we still know squat about cybersecurity.

Spear Phishing vs. Whale Phishing

Source: IT-seal

There’s a huge difference between spear and whale phishing. While the first targets the ‘weakest link’ the latter is aimed at the big chief himself. Whale phishing attacks are designed to siphon confidential info from high-profile individuals such as chiefs of staff, C-level executives, celebrities, politicians, senior officers etc.

The technique’s more or less the same – spoofed emails sent from trusted sources. Still, compromising a high-profile target isn’t as easy as stealing data from a gullible employee. In this case, the attacker will also employ some social engineering tricks in an attempt to gather intel on his target.

Probably the best whale phishing example is the 2016 Seagate affair. Yes, the very same company that’s ‘responsible’ for your Barracuda hard drive had a major data breach three years ago after an HR officer sent out copies of employees’ 2015 W-2 tax forms, as requested via email by CEO Stephen Luczo.

Thinking that the email came straight from the “horse’s mouth”, the HR sent out the tax records copies. You can very well imagine what happens when someone shares very sensitive financial info on some 10,000 employees. Anyway, once upper management got wind of this data leak, they notified the authorities. No word so far on what became of the stolen data or the person(s) behind this attack.

Whale phishing attacks are more common then you think. During the same year, two other whaling attacks occurred – one of them involved Evan Spiegel, Snapchat’s CEO, and FACC, a plane manufacturing company that ‘incidentally’ works for Airbus and Boeing.

Phishing with a…rose

A bit on the poetic side, but rose phishing does exist although it’s not as as common as regular or spear phishing. It does sound rather outré, yet this type of scam has been around since like forever. Remember the ploy with the sickly father/uncle/brother and someone reaching out for cash? It’s basically the same thing; the only difference being that everything’s done online.

So, how does this work exactly? Well, let’s assume for a moment that a hacker wants access to your PayPal account. Bear in mind that rose phishing is taking the high road, lots of cloak-and-dagger stuff.

Now, the hacker will first attempt to gather as much info as possible about you: tastes in music, clothing, favorite hangout places, and, most importantly, friends. After the ‘recon’ phase, the hacker will then try to get in touch with your close friends, posing as a distant relative, high school crush, or whatever. Of course, he’s not even remotely interested in establishing a rapport with any of them; he’s just looking for a way to reach you.

What does happen once the scammer gets in touch with you? Well, he will do everything to earn your trust. And when I say “everything”, I mean just that. Some are pretty good – sharing their sob life experiences, others may even say they fell in love. Once they gain your trust, they will ask for some sort of favor – like my Facebook page (which is obviously spoofed), ask for a small loan, donation, or whatever. And we both know how this story ends, don’t we?

Spear Phishing IRL

Source: Easy Sol

And because no great piece of writing should be without some good stories, here’s what I managed to scrape up on spear phishing. Enjoy!

1. Alcoa

For those of you unfamiliar with the name, Alcoa’s is one of the world’s biggest producers of aluminum. With a business that spans 10 countries, the company makes for one tantalizing trophy. And, as fate would have it, then one who cracked open Alcoa’s treasure trove of industrial secrets was…the Chinese military.

Yes, I know that it sounds like something out of a James Bond movie, but the facts stand true. So, in 2008, a group of hackers hired by the Chinese military send out some 5,000 spoofed emails to various Alcoa employees. Without even flinching, all employees opened the email upon receival.

They didn’t click any links – once the recipient opened the email, the malware was installed on the computer. A couple of seconds later, the company’s closely-guarded secrets fell into the hands of the Chinese military.

2. PayPal’s Locky wacky ransomware attack

This wouldn’t be the first time PayPal customers are duped into opening spoofed emails. In an article I wrote a while back, I pointed out that it’s a very common scamming tactic to send out bogus emails to PayPal account holders; usually, the buyers take the bite, but it can happen to sellers as well.

Anyway, as for the Locky ransomware email campaign, back in 2016, around 100 million Amazon customers woke up with their PayPal accounts hacked after opening an email which was reportedly sent by Amazon.

If you’re wondering about the email’s content, well, apparently, it had a generic, ‘Amazonesque’ text like “Your Amazon.com order has dispatched (sic!)” followed by a random code. However, if one was to scroll down a bit, he would have found that the email had a peculiar attachment: a word document. Sure, the attachments won’t bat an eye, since it’s only natural for an email to contain a doc detailing the transaction. Guess what happened if someone attempted to download and open the document?

3. RSA

This one’s a little ironic since it happened to a company that provides online security services. In 2011, a scammer sent forged emails to all employees. Of course, the spam filter identified flagged the message and sent it to where it belongs. Apparently, one overzealous employee stumbled upon the scam mail while searching through the spam folder. Unfortunately, that brief moment of weakness took a great toll on the company’s reputation. Guess who opened the malicious email?

4. Ubiquiti Networks Inc

Around 2015, several Ubiquiti Networks employees received emails from what appeared to be senior execs. As the story goes, the persons posing as managers asked their employees to funnel funds to a Hong Kong subsidiary, which was supposed to have been managed by a third party. Of course, the money never reached the subsidiary’s account since the emails were spoofed. An incident report indicates that the company lost about $40 million in the incident.

5. EFF (Electronic Frontier Foundation)

The same year, a group of scammers managed to distribute keyloggers and other malware, by tricking users into following an in-mail link which was reportedly sent by the Electronic Frontier Foundation. Of course, EFF got wind of the scam and managed to shut down the illegal op.

6. Epsilon

In 2011, Epsilon, one of the world’s leading data-driven marketing platform, had to face its “mid-life crisis”. Thousands of customers were tricked into opening spoofed emails linking to bogus websites, all of them laden with malware. At that time, reports revealed that the Epsilon spear phishing campaign might have been a diversion for a much larger operation. A subsequent analysis revealed that the malicious website downloaded malware in the background that could do anything from providing remote access to disabling antivirus software.

Any difference between regular phishing, spear phishing, and whale phishing?

Well, apart from the fact that it’s all about “the phishing”, yes, they’re certainly different. Think about it this way: phishing is like throwing a net, hoping to catch something; spear phishing’s like using a rod, and whale phishing is, well, like going full Ahab on someone.

Let’s elaborate: phishing is when you send out hundreds or thousands of spoofed emails, hoping that some unfortunate soul will open them, follow the link to the credential-grabbing website. Spear phishing, on the other hand, is where you add a dash of finesse to the whole scamming gig – no more flying in blind; you hit, grab, and scoot.

Keep in mind that high-profile targets are more likely to strike back compared to your regular working Joe. This means that he or she might have more resources available for investing in the hunt for the hunter.

There’s also the matter of scarcity or rather the frequency of each of the three types of attacks. As you probably know by now, email phishing’s boorishly common; chances are that there’s a spoofed email collecting dust in your spam folder as we speak.

Spear phishing attacks take some time to prepare and deploy, but they’re not that uncommon as one might think. Even with the above-mentioned ‘incidents’, that’s still a lot. The truth of the matter is that no one can say for sure how many successful spear phishing attacks have been so far considering that they’ve been around since the ‘90s.

Anyway, my giveaway to you is this: if it’s generic, then it’s simple phishing. If you one day fire up the work email and see an email from your boss telling you to transfer money to some off-shore gig, then it’s spear phishing. Last but not least, if you’re part of the upper-class and you receive a message begging you give, submit, or remit, then it’s whale phishing at its finest.

5 tips to avoid spear phishing attempts

Source: Mozilla

1. Continuous cybersecurity education

Remember that scene from the Conjuring movie where Lorraine says that knowing what evil is called gives you power over it? It’s the same with phishing. Nowadays, it’s really not enough to hire an entire IT department to take care of your company’s cybersecurity. There’s not much anyone can do if, say, one of your employees decides to pop open a suspicious email.

So, if you’re a business owner, turn cybersecurity ‘awareness’ into a routine; it doesn’t need to be that frequent. Once or twice per month is more than enough. Try using some printed handouts, perhaps even short video presentations. What’s the purpose of all of this? To teach your employees that opening suspicious email attachments is really not okay. You should also let them know the difference between regular phishing, rose phishing, and spear/whale phishing.

And don’t forget about the most important cybersecurity lesson: it only takes one weak link to make the entire chain break apart. Recall the Seagate affair? One misinformed HR officer sent the entire company in a downward spiral. Lesson learned!

If you’re a home user, you can always look out for new resources on how to better protect your devices. Check out our educational section for antimalware tips and tricks.

2. Deploy a professional antimalware/anti-fraud network. AI for the win.

I really don’t think that there’s anyone out there who would risk losing everything just because he doesn’t want to spend a couple of bucks on an antimalware solution. With companies, it’s a matter of upscaling and going pro all the way.

Most AM/AV suppliers offered tailored enterprise services. You should also keep in mind that signature-based antimalware solutions are obsolete, since they’re unable to compete with malicious loads backed up by rogue AIs.

So, if you’re looking to bolster your company’s cybersecurity, be sure to choose an AI-powered one. It’s even better if it employs heuristics search engines based on machine learning techniques. Remember that only a well-balanced AM/AV solution can protect you against online fraud attempts, spear phishing included.

The easy way to protect yourself against malware

Here's 1 month of Thor Foresight Home, on the house!

Use it to: Block malicious websites and servers from infecting your PC Auto-update your software and close security gaps Keep your financial and other confidential details safe

EASY AND RELIABLE. WORKS WITH ANY ANTIVIRUS.

Try Thor Foresight

3. Stay on top of your email accounts

Probably the best way to safeguard your endpoints is to continuously monitor your accounts’ activity. Look if the spam filters are up and running and doing their job properly. If you see anything suspicious, don’t think twice before deleting or sending it to the spam folder. Doesn’t matter if you have a personal, business, work or work email account; any one of them can be hit by malware.

4. Full-throttle your DMARC

DMARC, which stands for Domain-based Message Authentication, Reporting, and Conformance is a sender/receiver protocol capable of figuring it if a message comes from a legit source or not. To deploy DMARC, you will need the Sender Policy Framework (the protocol that checks out email servers) and DomainKeys Identified Email (checks if the email has an embedded encryption key). Check with your AV/AM provider to see if your cybersecurity solution also covers DMARC standards.

5. Multi-factor auth whenever possible

If your company’s using several accounts, you should think about deploying multi-factor authentication solutions. Think Gmail’s 2FA. Yes, it may not be that Fort Knox-like security you were looking for, but an extra layer of protection doesn’t hurt. As for multi-factor auth, you can either go with digital tokenization or stick with physical keys just like Google’s Titan. Also, if you’re going to use 2FA from now on, you should definitely refrain from recycling passwords.

Wrap-up

Any takeaways? Don’t get hooked – I think that’s perhaps the most important lesson one needs to learn. Keep in mind that scammers are always looking for ways to get to you, whether it’s through phishing, whaling or spear phishing. Do you have any interesting spear phishing stories to share? Shoot me a comment and let the games begin.

The post What Is Spear Phishing and How Do You Prevent It? appeared first on Heimdal Security Blog.

Is PayPal Safe?

Is PayPal safe? Well, taking into account that PayPal’s one of the oldest and most ‘seasoned’ online money transfer platforms, it’s safe to assume that many an effort have been made to bolster its security.

Of course, timeline-wise, it was a trial-and-error kind of gig but at the moment, PayPal’s right out there with the big players such as Revolut, Dwolla, TransferWise, Payoneer, and Google Pay. So, what does that tell us in terms of cybersecurity? With that being the question du jour, let’s dig in and find an answer to our “chicken-or-the-egg” question: is PayPal safe or not?

Before we dwelve into it, if you are concerned about PayPal account’s security, here are 11+ scams you should look out for. Right, now onto the breach!

Is PayPal Safe for Your Cybersecurity?

In a nutshell, I would have to venture to say that PayPal is not completely safe. Of course, the same thing can be said about any online money transfer platform, but keep in mind that being the eldest player, it obviously attracts a lot of unwanted attention. And with some 227 million account holders worldwide, figuring out who’s next in line to be swindled is like playing charades.

According to the company, online fraud incidence is holding at a steady two percent, which is pretty decent considering that PayPal alone processes $235 billion in payments per year, and has ties to no less than 17 million websites and organizations.

Considering these numbers, we can assume that the peer-to-peer payment platform is not short of fraud attempts. So, what are the main risks of opening up a PayPal account or holding on tight to the one you have? Here’s a rundown of the most common types of swindling attempts.

Thor Foresight makes sure that link is safe!

Your parents and friends will click any suspicious link, so make sure they're protected.

Thor Foresight provides: Automatic and silent software updates Smart protection against malware Compatibility with any traditional antivirus.

SECURE YOUR ONLINE BROWSING!

Get Thor Foresight

1. Phishing

Phishing’s probably the most ‘abused’ and quite successful online scam (makes you wonder if PayPal is safe or not). Why is that, you ask? I wouldn’t pin it on the account holder’s gullibility; more on the fact that no one’s willing to spend ten minutes of their time reviewing PayPal’s Buyer and Seller Protection policy.

In the aforementioned article, I pointed out that most users are not aware of simple, down-to-earth PayPal facts (i.e. the platform will never request private info like address, password, financial details, or your social security number via email).

If your inbox lights up and you see an email from ‘PayPal’ requesting those details, then it’s more than likely a fraud attempt. PayPal phishing comes in many guises: some will ask you to follow a link in order to review and update your financial info, others try to reel you in with the promises of free cash or out-this-world prizes, while some are nicely wrapped in a sad story that tugs on your heartstrings (i.e. fake charities).

Be careful around emails containing attachments. Official PayPal emails don’t have any, apart from the company’s header.

2. Smishing

Email phishing’s not the only dirty trick in the scamming book. Phishing via text messages or smishing, is a quick way of finding out if you have a PayPal account.

In most cases, these ‘reverse-engineered’ text messages contain phone numbers. Yes, they entice you into calling them back to confirm a couple of ‘harmless’ details. Of course, they could also pack links to fake credential-grabbing sources, masquerading as legit PayPal pages. So, how this scam work? Here a quick heads-up:

You receive an SMS that reads: “Your PayPal account has been suspended due to suspicious activity. Please contact us immediately at <fraudster’s phone number>. It is imperative that we speak to you immediately.”
Another version “PayPal: You spent <random amount> with PayPal. If you did not make this transaction, please call us immediately at <scammer’s disposable phone number>. Thank You.”
Here’s a version that contains both phone numbers and phishing links: “PayPal: You spent <cash amount of choice> with PayPal. If you did not make this transaction, please login at mobileservices2019.com/txn?id=178948 to revert this transaction. Thank You.”

What happens if you call that number? Well, I guess you’ll have a ‘lovely’ chat with the fraudster who will probably try his best to persuade you into disclosing your account’s details. As for the link, I think we both know how this story ends (with you asking if PayPal is safe or not, of course).

3. Vishing

If phishing and smishing don’t work, we will always have vishing. What’s vishing? It’s a phishing method that involves an automated system designed to make voice calls. So, how does this work? Well, according to PayPal’s fraudulent pages and websites section, you may be called by someone claiming to be a company representative, urging you to either confirm or submit some credentials.

The conversation can go something like this:

This is PayPal calling about a possible fraudulent transaction on your account. Please enter your password now to hear the transaction details. We need your immediate response to block or confirm this transaction.

Guess what happens after submitting the password? Yes, it’s bye-bye PayPal money. Even more daunting is the fact that the scheme’s so perfect, that you will keep on thinking that the call was actually PayPal. Before calling, the scammer can change the caller ID to read “PayPal” or something similar. You still wondering if PayPal is safe?

4. Banking Trojans

And because phishing was not enough, now we even have trojans capable of ‘siphoning’ money from your account. This malware variant called a “banking trojan”, can bleed your balance dry even with two-factor authentication.

Cybersecurity researchers revealed that this trojan comes in the guise of a system and battery optimization app called Optimize Android. Upon installation, the app asks the user to switch on the “Enable statistics” option. After that, the trojan will begin analyzing your smartphone’s external and internal storages for banking apps like PayPal. If detected, the malware will wait for the user to enter his credentials before stealing money via the fake click method.

What sort of security measures does PayPal have in place?

Source: Make Tech Easier

To ensure that your hard-earned money stays where it’s supposed to, PayPal employs three types of security measures: email confirmations, PayPal Security Keys, and data encryption. There’s even a fourth measure, but it’s still being tested. Asking yourself if PayPal is safe or not?

1. Email confirmation

Each time you receive\issue a payment, you will be notified via email. Of course, if you receive this payment without performing any action in particular, you should definitely think about contacting PayPal since it’s obvious that someone might be trying to ‘hotwire’ your account.

2. PayPal Security Keys

This is PayPal’s take on 2FA. When switched on, the app will ask you to enter a security code, in addition to your PayPal password. Check your smartphone’s SMS inbox for the code; the security keys service is free of charge, but messaging rates may apply. Check with your mobile provider for additional details.

3. Data encryption

Since all transactions are online-exclusive, there will be a lot of safeguards in place: TLS protocols, Key pinning, and GDP (general data protection). When logging in, PayPal’s platform will determine if your connection’s TLS 1.0 or higher.

Of course, for extra protection, you should ensure that your browser’ capable of handling HTTPS connections (look for the padlock icon next to address bar).

To counter comm-interception attacks, PayPal uses a security layer called Key Pinning. This safeguard ensures that your browser’s communicating with a legit PayPal server. Why would this be useful? Well, scammers can actually intercept data in transit and redirect you to a cloned website. Key pinning prevents such attacks.

Last, but not least, PayPal’s data protection policies for both data-in-transit and at-rest are industry-compliant. This includes PCI-DSS and deference with independent third parties like the American Institute of Certified Public Accountants SSAE16 SOC1, Sarbanes-Oxley Act, and AT101 SOC2.

4. PayPal 3D-Secure (3DS Protocol)

As part of its ongoing anti-fraud crusade, PayPal has added an extra security layer which draws upon EMV’s proprietary 3-D Secure Protocol. Fully compliant with SCA (Strong Customer Authentication), this added layer will require the account holder to transmit a special security code to the bank that issued his credit or debit card in order to complete a transaction.

Depending on your card type, the system’s called “Verified by Visa”, “SafeKey”, or “MasterCard SecureCode”. Keep in mind that not all banking apps are compatible with 3-D encryption. The protocol will not be enabled by default.

Good news is that you will be able to ditch it if you have a hard time completing a transaction. Please note that the 3D-Secure passkey’s different from your PayPal’s password. Yes, it means that you’ll need to enter both in order to complete a transaction.

How to beef up your PayPal account security

Source: YouTube

Undoubtedly, there will always be someone out there just waiting to bleed your PayPal account dry. Though no one can guarantee complete safety (there’s no such thing in the online world), there are a few things you can try out in order to boost your security. So, without a due, here are some actionable security tips you should follow if you plan on keeping your PayPal account.

For Buyers

#1. Avoid transactioning over public Wi-Fis.

Keep in mind that unsecured Wi-Fis are great ‘hunting grounds’ for scammers. If the transaction cannot wait, you should consider using your mobile data instead of an open Wi-Fi. Charges may apply, but at least you would have answered the “is PayPal safe?” question.

#2. Using a dedicated device vs. an all-purpose device.

I know that the very thought of using a dedicated device just to view balance may seem like a whim, but it’s actually a lot safer than using an all-purpose machine (i.e. home PC or smartphone). How will this work? Let’s say you have a laptop at home, sitting idly in the corner, and collecting dust.

Instead of letting it die out, you can repurpose it to suit your PayPal needs- use this endpoint to make PayPal transactions, while keeping your smartphone and/or home computer for personal stuff (i.e. online gaming, surfing on the web, social media).

If you use a dedicated machine for PayPal activities, you won’t have to worry about having to deal with spyware or malware picked up from the web because you just had to see that cat video!

#3. Don’t link a debit card to your PayPal account.

I really don’t think it’s a good idea to hook up your debit card to any kind of online account, regardless if it’s Netflix, Google Play, or PayPal.

Now, with a credit card, worst case scenario would be covering for the ‘siphoned’ money (well, it’s not really what I would call an improvement, but you’ll still be able to make due until the next paycheck).

There’s another advantage to linking your credit instead of a debit card: if PayPal refuses to refund your money, you may still be able to settle the matter with the bank that issued your credit card in the first place.

#4. Keep an eye out on your balance

While it’s always a good idea to keep tabs on your PayPal balance, you should turn it into a habit from now on since scammers are known to trickle small amounts from your account. There’s even a short and sweet story to back up that claim. Anissa Wardell of The Publicists Assistant, says that after checking her account, she noticed that small sums kept vanishing (some $5 to $10 every couple of days).

Upon contacting PayPal, she was informed that the money was going to some small UK-based grocery store. Imagine her surprise when she found out that she’s been berry-picking without even being aware that she was doing it. Fortunately, the account was closed in time.

And because all’s well when it ends well, PayPal even offered her a full refund. There’s a lesson to be learned here – if you see that you’re a couple of bucks short, do yourself a favor and contact PayPal on the double. Sure, a few dollars every odd day isn’t a big deal, but imagine what can happen in a couple of weeks if the issue goes unresolved.

#5. Don’t click on in-mail links from ‘PayPal’

Spoofing’s not what you might call a cutting-edge scamming technique. Still, as the saying goes: “if it’s stupid, but it works, then it’s not stupid.” Now, if you come across any PayPal links in emails, hover your mouse over them; chances are that they have nothing to do with PayPal. There’s a surefire way to find out if the email is really from PayPal – hop on your account and go to Notifications. If PayPal wanted to reach out, then there will most certainly be an unread notification.

#6. Buy from trusted sources only

This one’s pretty straightforward– look for the padlock icon next to the merchant’s URL or Google’s checkmark; this is, by far, the fastest way to figure out if the vendor’s legit or someone trying to steal your money.

#7. Get yourself checked out

Trust goes both ways; even more so when money’s involved. As a buyer, you can verify your account by linking it to a valid email address or phone number. There are other, more ‘unsecure’ ways to verify your identity – by supplying your social security number or by attaching a debit\credit card to your account.

A bit of a paradox here, if you ask me; sure, typing in your SSN makes you a real person, but also puts your PayPal in harm’s way. A few bucks missing from your bank account is sad, but imagine what happens in case someone steals your identity. Now, if you opt for the SSN\debit & credit card verifications, I would strongly advise you to keep a close watch on your account and report any suspicious activity.

#8. Use third-party access token software with PayPal Developer

Though it’s a bit tricky, ‘cause it involves messing around with code lines and open-source apps, you will be able to add an access token to your PayPal account through the Developer medium. If you feel up to the task, follow the steps below to make the app generate an access token.

Step 1. Go to PayPal Developer and log in using your credentials.

Step 2. Head to the My Apps & Credentials section.

Step 3. Under the REST API section, click on Create App.

Step 4. Type in a name for your new app and hit the Create App button.

Step 5. Edit and review the app’s details, if necessary and then hit the Save button.

Step 6. To generate the access token, make a token request using the application’s OAuth client id and, of course, the secret keys using the /token command. This will give you the basic authentication values.

Step 7. Look the request body and change the grant_type line to client_credentials.

Step 8. Review your code lines and hit the run button. If written correctly, the app should give you an access token.

Yes, I know that this sounds like Medieval Klingon, but let me give you a hand. Here’s how the access token request should look like:

curl -v https://api.sandbox.paypal.com/v1.oauth2/token \

H “Accept: application/json” \
H “Accept -Language: en_US” \
-u “EO EOJ2S-Z60oN_le_KS1d75wsZ6y0SFdVsY9183IvxFyZp:EC1usMEUk8e9ihI7ZdXLF5cz6y0SFdVsY9183IvxFyZp”

d “grant_type=client_credentials”

For sellers

#1. Don’t oversell your goods

I know that the urge to boast your goods is strong, but you should definitely refrain from being too “flamboyant” in your description. Stick to the basics: size, weight, and condition – anything the buyer needs to know about the product he’s about to purchase. If you’re selling used goods, you should also consider adding notes about any scratches or marks.

Why this nitpicking? Because it’s a common PayPal scamming technique to open disputes over products not matching their descriptions. And yes, it doesn’t matter how insignificant the differences are; they’ll still try to dispute it. To avoid this embarrassing situation, post lots of close-up pictures and consider adding a follow-up note to ensure that the package arrived on time and everything’s hunky-dory.

#2. Only agree to ship to confirmed addresses

PayPal wholeheartedly encourages the seller to ship only to buyers who have confirmed their shipping address. Before completing the transaction, ensure that the person verified his credit card and that the billing will be done to the same address. Consider adding tracking to your shipment.

#3. Avoid using labels that are emailed or sent to you

Always use your shipping company’s labels or wrappings. If someone asks you to stick a different label or postage mark on the package, it’s a high chance that you may be dealing with a scammer. So, avoid shipping through major postal services, using labels received at home or over email, and use online tracking. Now, if your goods exceed $250, request a signature on delivery.

#4. Watch out for suspicious transactions

In some cases, especially when high-value items are involved, the scammers will attempt to rush the shipment or to make partial payments through several PayPal accounts. Always ask for full payment from a single, trackable, and registered PayPal account, and don’t forget about signature confirmation on receival.

#5. Don’t misplace your sale and shipment records

Keep in mind that PayPal buyers are legally entitled to dispute any transaction within 180 days. Still, that’s not the end of the line; to qualify for the company’s seller protection program, keep all the records pertaining to sale and shipping. Moreover, you’ll be more likely to outwit a potential scammer if you send out the requested documentation and for quick responses to disputes.

PayPal Security FAQ

Q: Is PayPal safe to keep money?

A: As long as you take the necessary precautions, there’s no reason to worry about money deposited in your PayPal account. If you have any reasons to believe that your PayPal’s account might be at risk, contact PayPal support.

Bear in mind that PayPal does not replace a regular bank account, so you should refrain from keeping all your money tied in your online account.

Q: Is PayPal safe to use with bank account?

A: The platform allows account holders to tie in their bank accounts, by attaching a credit or debit card. To bolster your security, I would advise against linking a debit card to your PayPal account. In the event that a scammer breaks into your account, fraudulent credit card charges can easily be cleared with the issuing bank. However, if the scammer manages to empty your debit card, then there’s nothing more to be done.

Q: Is PayPal safe to transfer money?

A: PayPal is one of the safest money transfer environments. Make sure that you carefully read the terms and conditions that apply to your case (buyer or seller).

Q: Is PayPal safe to buy online?

A: As long as you make your purchases from legitimate vendors, the chances of being scammed are negligible. If you have any reason to doubt the seller’s intentions, contact PayPal for a quick check-up. In the meantime, you can search for signs of frauds yourself.

Look for things like billing address doesn’t match the shipping one, the vendor wants to use postal services instead of relying on a shipping company. If the seller has an e-shop or a presentation website, you can also check the content for any discrepancies (i.e. stock photos, spelling errors, texts on how to get rich fast, over-inflated user comments, spammy articles).

Wrap-up

So, is PayPal safe? Long story short: yes, it is or, at the very least, it’s safer compared to other online-money transfer services. Of course, no one can guarantee that nothing bad will happen to you when using PayPal.

It’s safe to assume that it all boils down to what we do in the ‘shadows’, I guess: if you’re careful enough about your account’s cybersecurity, then the only way someone’s going to steal your money would be to rob you at gunpoint. Lessons learned? Avoid shady vendors, put several security layers between you and the scammer, report suspicious activity, and don’t go overboard with the selling bit. Do you have any sad or amusing PayPal stories to share with the rest of the community? Don’t be a stranger and leave a comment.

The post Is PayPal Safe? appeared first on Heimdal Security Blog.

August 2019
M	T	W	T	F	S	S
« Jul
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31